In today's modern world, Cyber-Physical Systems (CPS) have gained widespread prevalence, offering tremendous benefits while also increasing society's dependence on them. Given the direct interaction of CPS with the physical environment, their malfunction or compromise can pose significant risks to human life, property, and the environment. However, as the complexity of CPS rises due to heightened expectations and expanded functional requirements, ensuring their trustworthy operation solely during the development process becomes increasingly challenging.
This thesis introduces and delves into the novel concept of the 'Protective Shell' – a real-time safeguard actively monitoring CPS during their operational phases. The protective shell serves as a last line of defence, designed to detect abnormal behaviour, conduct thorough analyses, and initiate countermeasures promptly, thereby mitigating unforeseen risks in real-time.
The primary objective of this research is to enhance the overall safety and security of CPS by refining, partly implementing, and evaluating the innovative protective shell concept. To provide context for collaborative systems working towards higher objectives — common within CPS as system-of-systems (SoS) — the thesis introduces the 'Emergence Matrix'. This matrix categorises outcomes of such collaboration into four quadrants based on their anticipated nature and desirability. Particularly concerning are outcomes that are both unexpected and undesirable, which frequently serve as the root cause of safety accidents and security incidents in CPS scenarios. The protective shell plays a critical role in mitigating these unfavourable outcomes, as conventional vulnerability elimination procedures during the CPS design phase prove insufficient due to their inability to proactively anticipate and address these unforeseen situations.
Employing the design science research methodology, the thesis is structured around its iterative cycles and the research questions imposed, offering a systematic exploration of the topic. A detailed analysis of various safety accidents and security incidents involving CPS was conducted to retrieve vulnerabilities that led to dangerous outcomes. By developing specific protective shells for each affected CPS and assessing their effectiveness during these hazardous scenarios, a generic core for the protective shell concept could be retrieved, indicating general characteristics and its overall applicability.
Furthermore, the research presents a generic protective shell architecture, integrating advanced anomaly detection techniques rooted in explainable artificial intelligence (XAI) and human machine teaming. While the implementation of protective shells demonstrate substantial positive impacts in ensuring CPS safety and security, the thesis also articulates potential risks associated with their deployment that require careful consideration.
In conclusion, this thesis makes a significant contribution towards the safer and more secure integration of complex CPS into daily routines, critical infrastructures and other sectors by leveraging the capabilities of the generic protective shell framework.:1 Introduction
1.1 Background and Context
1.2 Research Problem
1.3 Purpose and Objectives
1.3.1 Thesis Vision
1.3.2 Thesis Mission
1.4 Thesis Outline and Structure
2 Design Science Research Methodology
2.1 Relevance-, Rigor- and Design Cycle
2.2 Research Questions
3 Cyber-Physical Systems
3.1 Explanation
3.2 Safety- and Security-Critical Aspects
3.3 Risk
3.3.1 Quantitative Risk Assessment
3.3.2 Qualitative Risk Assessment
3.3.3 Risk Reduction Mechanisms
3.3.4 Acceptable Residual Risk
3.4 Engineering Principles
3.4.1 Safety Principles
3.4.2 Security Principles
3.5 Cyber-Physical System of Systems (CPSoS)
3.5.1 Emergence
4 Protective Shell
4.1 Explanation
4.2 System Architecture
4.3 Run-Time Monitoring
4.4 Definition
4.5 Expectations / Goals
5 Specific Protective Shells
5.1 Boeing 737 Max MCAS
5.1.1 Introduction
5.1.2 Vulnerabilities within CPS
5.1.3 Specific Protective Shell Mitigation Mechanisms
5.1.4 Protective Shell Evaluation
5.2 Therac-25
5.2.1 Introduction
5.2.2 Vulnerabilities within CPS
5.2.3 Specific Protective Shell Mitigation Mechanisms
5.2.4 Protective Shell Evaluation
5.3 Stuxnet
5.3.1 Introduction
5.3.2 Exploited Vulnerabilities
5.3.3 Specific Protective Shell Mitigation Mechanisms
5.3.4 Protective Shell Evaluation
5.4 Toyota 'Unintended Acceleration' ETCS
5.4.1 Introduction
5.4.2 Vulnerabilities within CPS
5.4.3 Specific Protective Shell Mitigation Mechanisms
5.4.4 Protective Shell Evaluation
5.5 Jeep Cherokee Hack
5.5.1 Introduction
5.5.2 Vulnerabilities within CPS
5.5.3 Specific Protective Shell Mitigation Mechanisms
5.5.4 Protective Shell Evaluation
5.6 Ukrainian Power Grid Cyber-Attack
5.6.1 Introduction
5.6.2 Vulnerabilities in the critical Infrastructure
5.6.3 Specific Protective Shell Mitigation Mechanisms
5.6.4 Protective Shell Evaluation
5.7 Airbus A400M FADEC
5.7.1 Introduction
5.7.2 Vulnerabilities within CPS
5.7.3 Specific Protective Shell Mitigation Mechanisms
5.7.4 Protective Shell Evaluation
5.8 Similarities between Specific Protective Shells
5.8.1 Mitigation Mechanisms Categories
5.8.2 Explanation
5.8.3 Conclusion
6 AI
6.1 Explainable AI (XAI) for Anomaly Detection
6.1.1 Anomaly Detection
6.1.2 Explainable Artificial Intelligence
6.2 Intrinsic Explainable ML Models
6.2.1 Linear Regression
6.2.2 Decision Trees
6.2.3 K-Nearest Neighbours
6.3 Example Use Case - Predictive Maintenance
7 Generic Protective Shell
7.1 Architecture
7.1.1 MAPE-K
7.1.2 Human Machine Teaming
7.1.3 Protective Shell Plugin Catalogue
7.1.4 Architecture and Design Principles
7.1.5 Conclusion Architecture
7.2 Implementation Details
7.3 Evaluation
7.3.1 Additional Vulnerabilities introduced by the Protective Shell
7.3.2 Summary
8 Conclusion
8.1 Summary
8.2 Research Questions Evaluation
8.3 Contribution
8.4 Future Work
8.5 Recommendatio
